Computer Hope

Title: No sound on my PC- Detected malware
Post by: nshah on April 10, 2011, 11:57:13 AM
Hi,
I was watching a few shows on VLC and the sound started disappearing slowly. Since then I have not had any sound on my PC. I have run anti-spywares, ccleaners and updated all drivers. I also tried system restore to a previous time and it failed 5 times. Finally I came to this forum. I have done all the 6 steps mentioned in your "read before you ask for help" and below are the logs from
- SuperAntispyware
- Malwarebytes' Anti-Malware
- HijackThis

I'd really appreciate it if someone can help me with this problem...

LOG FROM SuperAntispyware


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/10/2011 at 10:18 PM

Application Version : 4.50.1002

Core Rules Database Version : 6799
Trace Rules Database Version: 4611

Scan type       : Complete Scan
Total Scan Time : 01:43:04

Memory items scanned      : 753
Memory threats detected   : 0
Registry items scanned    : 10921
Registry threats detected : 0
File items scanned        : 155425
File threats detected     : 119

Adware.Tracking Cookie

Adware.Agent/Gen-Zango
   C:\USERS\NAMRATA\DOWNLOADS\EMULESETUP.EXE

LOG FROM Malwarebytes' Anti-Malware


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org


Database version: 6325


Windows 6.1.7600
Internet Explorer 8.0.7600.16385


10-04-2011 23:09:12
mbam-log-2011-04-10 (23-09-12).txt


Scan type: Quick scan
Objects scanned: 184349
Time elapsed: 4 minute(s), 3 second(s)


Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3


Memory Processes Infected:
(No malicious items detected)


Memory Modules Infected:
c:\Windows\System32\supxwatraqwvcgdch.dll (Adware.AdRotator) -> Delete on reboot.


Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hfdfwjpsrmiowup (Adware.AdRotator) -> Quarantined and deleted successfully.


Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kbgrecvqxkyyg (Adware.AdRotator) -> Value: kbgrecvqxkyyg -> Quarantined and deleted successfully.


Registry Data Items Infected:
(No malicious items detected)


Folders Infected:
(No malicious items detected)


Files Infected:
c:\Windows\System32\supxwatraqwvcgdch.dll (Adware.AdRotator) -> Delete on reboot.
c:\Users\Namrata\AppData\Local\Temp\browserhotfix1.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Namrata\local settings\temporary internet files\Content.IE5\3MMH8ISL\setup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.


LOG FROM hijackthis


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:20:25, on 10-04-2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal


Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\OEM13Mon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\SUPERAntiSpyware\6354c80e-8a16-4371-beda-9ff4579d8d9e.com
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\NOTEPAD.EXE
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\NOTEPAD.EXE
C:\Windows\System32\NOTEPAD.EXE
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2405280
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [googletalk] C:\Users\Namrata\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Namrata\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TimeSheet] C:\Program Files\TimeSheet\TimeSheet.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TimeSheet] C:\Program Files\TimeSheet\TimeSheet.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


--
End of file - 9975 bytes




Waiting for help from someone.....please!!

Title: Re: No sound on my PC- Detected malware
Post by: SuperDave on April 10, 2011, 07:14:54 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
************************************************
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)


Important: Close all open windows except for HijackThis and then click

Fix checked.

Once completed, exit HijackThis.
*********************************************
Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

Link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
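
Most of the entries in the HijackThis fix list above end in `(no file)`. The following Python sketch is an added example, not part of the original post and not a HijackThis feature: it parses the CLSID-bearing lines of such a log, lists the `(no file)` entries, and shows which log sections each CLSID appears in. The function names are illustrative, and the sample lines are a subset copied from the log earlier in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
"""

# "<code> - <kind>: <name> - {CLSID} - <target>" is the shape shared by the
# R3, O2, O3, O9 and O18 lines in the log. O4 (autorun) lines carry no CLSID
# and are deliberately not matched here.
ENTRY_RE = re.compile(
    r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse_entries(log_text):
    """Return one dict per CLSID-bearing line; all other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            # The log mixes upper- and lower-case CLSIDs; normalise so the
            # same registration compares equal across sections.
            entry["clsid"] = entry["clsid"].upper()
            entries.append(entry)
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as '(no file)'."""
    return [e for e in entries if e["target"] == "(no file)"]


def sections_by_clsid(entries):
    """Map each CLSID to the sorted list of section codes it appears under."""
    seen = defaultdict(set)
    for entry in entries:
        seen[entry["clsid"]].add(entry["code"])
    return {clsid: sorted(codes) for clsid, codes in seen.items()}


if __name__ == "__main__":
    leftovers = orphaned(parse_entries(SAMPLE_LOG))
    for clsid, codes in sorted(sections_by_clsid(leftovers).items()):
        names = {e["name"] for e in leftovers if e["clsid"] == clsid}
        print(f"{clsid}  sections={','.join(codes)}  names={sorted(names)}")
```

Grouping by CLSID shows that a single registration such as `{88C7F2AA-F93F-432C-8F0E-B7D85967A527}` is listed as a URLSearchHook, a BHO and a toolbar at once, which is why the fix list names it three times.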